<div>
  When checked, Jenkins will set the
  <code>Content-Security-Policy</code>
  header that enforces its configuration. Otherwise, it will set the
  <code>Content-Security-Policy-Report-Only</code>
  header, which only requests that browsers report violations, but does not
  enforce them.
</div>
